Apache Commons Email and JBOSS SSL - sending email fails with SunCertPathBuilderException

StackOverflow https://stackoverflow.com/questions/19764205

Question

I send emails using GMail like this:

   private boolean sendMail() {
      try {
         HtmlEmail email = new HtmlEmail();
         email.setHostName("smtp.gmail.com");
         email.setSmtpPort("465");
         email.setAuthenticator(new DefaultAuthenticator("user", "pwd");
         email.setSSLOnConnect(true);
         email.addTo("no@mail.pl");
         email.setFrom("some@gmail.com");
         email.setCharset(org.apache.commons.mail.EmailConstants.UTF_8);
         email.setHtmlMsg(htmlMsg);
         email.setSubject(subject);
         email.send();
         return true;
      } catch (NumberFormatException | EmailException ex) {
         logger.error("Błąd podczas wysyłania wiadmości e-mail: " + htmlMsg, ex);
         return false;
      }
   }

This works when i start JBOSS 6.1 when i start him without SSL configuration this works. But when i start JBOSS with SSL Enabled, with parameter -Djavax.net.ssl.trustStore="D:/jboss-6.1.0.Final/server/app/conf/localhost.keystore" it does not work throwing in the end an: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. I assume that i have to import the Google certificate in my truststore to get this working but i dont want to do this if thats possible. Is there a way to overcome this?

more: 

</pre></body></html>: org.apache.commons.mail.EmailException: Sending the email to the following server failed : smtp.gmail.com:465
    at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1401) [:1.3.1]
    at org.apache.commons.mail.Email.send(Email.java:1428) [:1.3.1]
    at pl.company.app.mail.MailServiceImpl.sendMail(MailServiceImpl.java:68) [:]
    at pl.company.app.mail.MailServiceImpl.sendErrorMessage(MailServiceImpl.java:94) [:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.7.0_11]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [:1.7.0_11]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [:1.7.0_11]
    at java.lang.reflect.Method.invoke(Method.java:601) [:1.7.0_11]
    at org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:435) [:6.11.0]
    at $Proxy160.sendErrorMessage(Unknown Source)   at pl.company.app.ExceptionErrorPage.sendMail(ExceptionErrorPage.java:59) [:]
    at pl.company.app.ExceptionErrorPage.<init>(ExceptionErrorPage.java:30) [:]
    at pl.company.app.WicketApplication$1.onException(WicketApplication.java:150) [:]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection$4.notify(RequestCycleListenerCollection.java:126) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection$4.notify(RequestCycleListenerCollection.java:122) [:6.11.0]
    at org.apache.wicket.util.listener.ListenerCollection.notify(ListenerCollection.java:80) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection.onException(RequestCycleListenerCollection.java:121) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection$4.notify(RequestCycleListenerCollection.java:126) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection$4.notify(RequestCycleListenerCollection.java:122) [:6.11.0]
    at org.apache.wicket.util.listener.ListenerCollection.notify(ListenerCollection.java:80) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycleListenerCollection.onException(RequestCycleListenerCollection.java:121) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycle.handleException(RequestCycle.java:347) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:229) [:6.11.0]
    at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [:6.11.0]
    at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259) [:6.11.0]
    at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [:6.11.0]
    at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [:6.11.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.1.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.1.0.Final]
    at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:208) [:]
    at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181) [:]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.1.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.1.0.Final]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [:6.1.0.Final]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [:6.1.0.Final]
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.1.0.Final]
    at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
    at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
    at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:273) [:6.1.0.Final]
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
    at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:273) [:6.1.0.Final]
    at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
    at java.lang.Thread.run(Thread.java:722) [:1.7.0_11]
Caused by: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1972) [:1.4.5]
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:642) [:1.4.5]
    at javax.mail.Service.connect(Service.java:317) [:1.4.5]
    at javax.mail.Service.connect(Service.java:176) [:1.4.5]
    at javax.mail.Service.connect(Service.java:125) [:1.4.5]
    at javax.mail.Transport.send0(Transport.java:194) [:1.4.5]
    at javax.mail.Transport.send(Transport.java:124) [:1.4.5]
    at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1391) [:1.3.1]
    ... 51 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [:1.7.0_11]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902) [:1.7.0_11]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [:1.7.0_11]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [:1.7.0_11]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338) [:1.7.0_11]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) [:1.7.0_11]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [:1.7.0_11]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [:1.7.0_11]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032) [:1.7.0_11]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328) [:1.7.0_11]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) [:1.7.0_11]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) [:1.7.0_11]
    at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548) [:1.4.5]
    at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:352) [:1.4.5]
    at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:207) [:1.4.5]
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1938) [:1.4.5]
    ... 58 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [:1.7.0_11]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [:1.7.0_11]
    at sun.security.validator.Validator.validate(Validator.java:260) [:1.7.0_11]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [:1.7.0_11]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [:1.7.0_11]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [:1.7.0_11]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320) [:1.7.0_11]
    ... 69 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [:1.7.0_11]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [:1.7.0_11]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [:1.7.0_11]
    ... 75 more
Was it helpful?

Solution

Found the answer to this problem: https://stackoverflow.com/a/17606519/534877 The GMail SSL certificate was generated using this tutorial: http://notepad2.blogspot.com/2012/04/import-gmail-certificate-into-java.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top